An approach for testing the krb5 KDC, fixes for UPN support

Andrew Bartlett abartlet at samba.org
Mon Jan 5 17:38:02 MST 2015


G'Day,

Just a heads-up that I'm looking at how to test the Samba KDC, more than
just by the side-effects it shows in the krb5 libraries.  

I realise this has serious portability constraints to the MIT codebase,
but I think this is still worthwhile as a tool for verification. 

https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-tests

I'm doing this because I need a basis to then implement good tests
around the correct behaviour with regards to the canonicalize flag and
enterprise principal names, for fixing our enterprise UPN support,
raised here:

https://lists.samba.org/archive/samba/2013-October/176422.html

The fixes I have for UPN support are here:
https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-upn

However, the back-ported Heimdal patches break our RODC, and while
Garming has done a great job finding the problem, it prompted me to
start on a much better testsuite. 

We should also have some canned windows requests to assert responses to
(with fixed up passwords/times).

I'll post this again to the list when we have some more tests written.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba-technical mailing list